Vulnerabilities > Parity > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-34449 | Incorrect Check of Function Return Value vulnerability in Parity Ink! ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. | 5.3 |
| 2022-09-24 | CVE-2022-39242 | Incorrect Calculation vulnerability in Parity Frontier 20210903/20211013 Frontier is an Ethereum compatibility layer for Substrate. | 5.3 |
| 2022-07-06 | CVE-2022-31111 | Always-Incorrect Control Flow Implementation vulnerability in Parity Frontier Frontier is Substrate's Ethereum compatibility layer. | 5.0 |
| 2022-01-14 | CVE-2022-21685 | Integer Underflow (Wrap or Wraparound) vulnerability in Parity Frontier 20210903 Frontier is Substrate's Ethereum compatibility layer. | 4.0 |
| 2021-10-13 | CVE-2021-41138 | Improper Input Validation vulnerability in Parity Frontier Frontier is Substrate's Ethereum compatibility layer. | 5.0 |
| 2021-09-03 | CVE-2021-39193 | Improper Validation of Specified Quantity in Input vulnerability in Parity Frontier Frontier is Substrate's Ethereum compatibility layer. | 5.3 |
| 2020-12-31 | CVE-2019-25003 | Unspecified vulnerability in Parity Libsecp256K1 An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. | 5.0 |
| 2020-01-23 | CVE-2019-20399 | Race Condition vulnerability in Parity Libsecp256K1 A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack. | 4.3 |
| 2018-01-19 | CVE-2017-14460 | Unspecified vulnerability in Parity Ethereum Client 1.7.8 An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. | 5.1 |
| 2018-01-11 | CVE-2017-18016 | Origin Validation Error vulnerability in Parity Browser 1.6.10 Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin). | 5.0 |